DEV Community

Discussion on: Is open-sourcing server-side code a security threat?

Alex Lohr

In most cases, the API itself will not be worth too much without the content to back it. The latter obviously shouldn't be open-sourced, except if the service you provide is free in any case (then competitors cannot outbid you).

Unfortunately, especially in startups, security is too often an afterthought and not an underlying theme - not only the APIs themselves, but also company security and security of your internal systems. But if your security is bad to begin with, not going open source will not save you in the long run is what I'm saying.

As for your point that one guy can single-handedly rewrite a complex API that took 4 skilled developers multiple weeks to come up with to the point of being completely unrecognizable within a much shorter time, I don't really believe you. This one guy will still first have to understand the solution, which with the code won't take far less time than without it.

HS

It takes renaming API endpoints to not get a warrant to be able to compare 2 codes. That's all it takes.

On the security side, I put my money where my mouth is. I would never expose my backend code. I don't see code for AWS stuff, nor Azure, nor Google search engine, and so on.
But if anyone wants to, go ahead. I'm not buying the "obscurity" statement as good enough to say go expose your code.

Alex Lohr

You're not fooling anyone if the data structure and the output is still the same. Also, I'm not saying that you should by all means expose your code, just that the "security" argument is leading into dangerous thinking about security.